Certbot
Client that fetches a TLS certificate from Let's Encrypt and deploys it to a web server.
TL;DR
Meant to be run on one's web server via the CLI.
Setup
# Install the Certbot client itself.
pip install 'certbot'
# Optional DNS plugins: they let Certbot answer the DNS-01 challenge by creating the validation record through the
# provider's API, so they need API credentials for that provider.
pip install 'certbot-dns-cloudflare' # Cloudflare DNS
pip install 'certbot-dns-route53' # AWS Route53
# Integrate with Nginx: install Certbot, Nginx and Certbot's Nginx plugin from the distribution's packages.
dnf install 'certbot' 'nginx' 'python3-certbot-nginx'
Usage
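# Request a certificate.
# The mounted host directories persist Certbot's account data, the certificates and their private keys: keep them
# readable by root only.
docker run -it --rm --name 'certbot' \
  -v '/etc/letsencrypt:/etc/letsencrypt' -v '/var/lib/letsencrypt:/var/lib/letsencrypt' \
  'certbot/certbot' certonly

# Request a certificate and validate it over DNS leveraging AWS Route53.
# The AWS configuration is mounted read-only at '/root/.aws', where the AWS SDK looks for it when the container runs
# as root (assumed for this image).
# Every profile in that directory becomes readable from inside the container: prefer credentials that are only allowed
# to manage records in the hosted zone being validated.
docker run -it --rm --name 'certbot' \
  -v "$HOME/.aws:/root/.aws:ro" \
  -v '/etc/letsencrypt:/etc/letsencrypt' -v '/var/lib/letsencrypt:/var/lib/letsencrypt' \
  'certbot/dns-route53' certonly

# Request a certificate.
# Certbot will temporarily spin up a web server listening on port 80 on the running machine.
# Port 80 must be free and reachable from the Internet for the validation to succeed.
certbot certonly --standalone

# Request a certificate *without* temporarily spinning up a web server listening on port 80 on the running machine.
# An already running web server serves the challenge files from its webroot.
# Certbot asks for the domain and the webroot path interactively unless they are given with '-d' and '-w'.
certbot certonly --webroot

# Request a certificate leveraging a running Nginx server.
# Without 'certonly' the Nginx plugin also installs the certificate by editing the Nginx configuration.
certbot --nginx -d 'code.example.org' --non-interactive --agree-tos -m 'someone@example.org'

# Request a certificate leveraging AWS Route53.
# Credentials are taken from the usual AWS sources (environment, '~/.aws', instance role).
certbot certonly --dns-route53 -d 'example.org' -d 'www.example.org'

# Request a certificate leveraging Cloudflare.
# The credentials file holds an API secret: restrict it to its owner (mode 600) and prefer an API token scoped to DNS
# edits on the relevant zone over the account-wide global API key.
# The path goes through "$HOME" because the shell does not expand a tilde that is followed by a quoted slash.
certbot certonly --dns-cloudflare --dns-cloudflare-credentials "$HOME/.secrets/certbot/cloudflare.ini" \
  --dns-cloudflare-propagation-seconds 60 -d 'example.org'

# Renew certificates.
# Only certificates close to their expiry are renewed; '-q' keeps the output quiet except for errors, which suits
# scheduled runs (cron, systemd timers).
certbot renew -q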